Electerm 安全漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 of China, based on Electron. Versions of Electerm prior to 3.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of a fixed-zero IV, a constant KDF salt, and no MAC generation in the deterministic AES-192-CBC...

CVE-2026-8647

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

Use of Password Hash With Insufficient Computational Effort

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...

Use of Blocking Code in Single-threaded, Non-blocking Context

Overview Affected versions of this package are vulnerable to Use of Blocking Code in Single-threaded, Non-blocking Context through the OpenSSL::KDF.pbkdf2hmac function during SCRAM authentication. An attacker can cause the Ruby client VM to become unresponsive by sending a large iteration count...

Oracle Linux 7 : openssl (ELSA-2026-50114)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50114 advisory. 1.0.2k-26.0.1fips - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3...

Advisory ROSA-SA-2026-3152

Software: libssh 0.9.6 OS: ROSA Virtualization 3.1 unaffected versions = libssh-0.9.6-16.rv31 affected versions libssh-0.9.6-16.rv31 CVE-ID: CVE-2025-5318 BDU-ID: 2025-09008 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside ...

openssl security update

1.0.2k-26.0.1fips - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 - Add EC keys pairwise consistency test Orabug: 32467059...

RUSTSEC-2026-0069 Incorrect Length Encoding on KDF Export

Passing values length 65535 to Context::export produces output that disagrees with the RFC 9180 label encoding. In particular the length value is cast to u16 truncating any value exceeding 65535. Impact Applications that use hpke-rs to export very large secrets would experience interoperability...

Incorrect Length Encoding on KDF Export

Passing values length 65535 to Context::export produces output that disagrees with the RFC 9180 label encoding. In particular the length value is cast to u16 truncating any value exceeding 65535. Impact Applications that use hpke-rs to export very large secrets would experience interoperability...

MiracleLinux 8 : libssh-0.9.6-16.el8_10 (AXSA:2025-11173:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11173:03 advisory. libssh: Incorrect Return Code Handling in sshkdf in libssh CVE-2025-5372 Tenable has extracted the preceding description block directly from the MiracleLinu...

libssh security update

An update is available for libssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libssh is a library which implements the SSH protocol. It can be used to...

EulerOS 2.0 SP10 : libssh (EulerOS-SA-2025-2392)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash...

CLSA-2025-1759951300 libssh: Fix of CVE-2025-5372

CVE-2025-5372: uninitialized key buffers caused by inconsistent sshkdf return value...

EUVD-2023-59117

Malicious code in bioql PyPI...

Wrangling Entropy: Next-Generation Multi-Factor Key Derivation, Credential Hashing, and Credential Generation Functions

The Multi-Factor Key Derivation Function MFKDF offered a novel solution to the classic problem of usable client-side key management by incorporating multiple popular authentication factors into a key derivation process, but was later shown to be vulnerable to cryptanalysis that degraded its...

SUSE-SU-2025:20596-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...

SUSE-SU-2025:02281-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. - CVE-2025-5318: Fixed likely read beyond bounds in sftp server...

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...

SUSE-SU-2025:02279-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. - CVE-2025-5318: Fixed likely read beyond bounds in sftp server...